製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM UrbanCode Deploy における API および CLI の getResource のセキュアなロールプロパティにアクセスされる脆弱性

Title	IBM UrbanCode Deploy における API および CLI の getResource のセキュアなロールプロパティにアクセスされる脆弱性
Summary	IBM UrbanCode Deploy には、API および CLI の getResource のセキュアなロールプロパティにアクセスされる脆弱性が存在します。
Possible impacts	REST エンドポイントへのアクセス権を持つ認証されたユーザにより、API および CLI の getResource のセキュアなロールプロパティにアクセスされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Nov. 28, 2016, midnight
Registration Date	March 2, 2017, 2:41 p.m.
Last Update	March 2, 2017, 2:41 p.m.

CVSS3.0 : 重要
Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

IBM

IBM UrbanCode Deploy 6.0 から 6.0.1.14

IBM UrbanCode Deploy 6.1 から 6.1.3.3

IBM UrbanCode Deploy 6.2.2.1 までの 6.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-6068	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6068
National Vulnerability Database (NVD)
2	CVE-2016-6068	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6068

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
IBM Support Document
1	C1000229	http://www-01.ibm.com/support/docview.wss?uid=swg2C1000229

Change Log

No	Changed Details	Date of change
0	[2017年03月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-6068

Summary	IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
Publication Date	Feb. 2, 2017, 7:59 a.m.
Registration Date	Jan. 26, 2021, 2:14 p.m.
Last Update	Nov. 21, 2024, 11:55 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.ibm.com/support/docview.wss?uid=swg2C1000229	Patch Vendor Advisory
2	http://www.ibm.com/support/docview.wss?uid=swg2C1000229	Patch Vendor Advisory
3	http://www.securityfocus.com/bid/95290	Technical Description VDB Entry
4	http://www.securityfocus.com/bid/95290	Technical Description VDB Entry

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.2.1:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.2:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:::::::*
cpe:2.3:a:ibm:urbancode_deploy:6.1:::::::*